Netsurion and EventTracker Merge to Boost SIEM Capabilities

The newly merged company plans to announce a product that will provide a fully managed security service that integrates firewalls with SIEM and other capabilities.


Privately held security vendor Netsurion announced on Oct. 13 that it is merging with security information and event management (SIEM) vendor EventTracker.

Financial details of the merger are not being publicly disclosed, though the deal is being facilitated by Providence Strategic Growth, which already has made equity investments in Netsurion.

Netsurion is a provider of security services, including managed firewall capabilities, while EventTracker provides a managed SIEM offering. The merged company will be known as Netsurion, with the EventTracker business operating as a division.

Many of Netsurion's customers are in the retail and restaurant businesses and have to comply with the Payment Card Industry Data Security Standard (PCI DSS), said CEO Kevin Watson. A core element of PCI DSS compliance is having SIEM capability. Prior to the merger with EventTracker, Netsurion was doing a "basic" level of PCI DSS-related logging, Watson said.

"We didn't have the sophistication of correlated events and automated alerting that comes out of a true SIEM product," Watson told eWEEK.

In the last 18 months, Netsurion officials have noticed an increase in sophisticated attacks that were more complex to track than what a basic SIEM product could handle, he said, adding that Netsurion wanted to improve security to deal with the increasingly complex attacks, which is what led the company to EventTracker.

"We started working with EventTracker to build a product that can bring true SIEM capabilities to the edge of the network with a very lightweight sensor that has both automated and fully managed capabilities," Watson said.

While there are many SIEM vendors in the market today, EventTracker manages its own Security Operations Center and provides managed service capabilities, he said. A key trend in the SIEM market today is adding capabilities for user behavior analytics that look to correlate user behavior across different points of access to find anomalies. Among the many tools in the space is the Splunk User Behavior Analytics (UBA) 3.0 platform, which was announced Sept. 27. With EventTracker, Netsurion provides a large pool of data intelligence that can be used to help identify potentially malicious user behavior, Watson said.

The newly merged company is set to announce a new product in approximately one month that will provide a fully managed security service that integrates the firewall with SIEM, as well as remediation capabilities.

The retail and hospitality markets have been hit particularly hard in recent years with multiple instances of point-of-sale (POS) system breaches. The new Netsurion product that is set to be announced next month takes aim at the POS security challenge.

"The new product puts SIEM capabilities at the point-of-sale terminal in a branch," Watson said.

Instead of just protecting a branch location with a managed firewall, the new Netsurion product will be able to collect and correlate data to help identify threats. The SIEM will also be able to take action on its own and stop potentially malicious processes.

"We'll also work with the impacted customer to provide true remediation and identify how a malicious item came in, all the systems that the item is on and how to fully remediate," Watson said.

Sean Michael Kerner is a senior editor at eWEEK. Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.